Releases: SonarSource/sonar-java
8.33.0.44481
Release notes - SonarJava - 8.33
False Positive
SONARJAVA-6440 S2245: Implement security-context heuristic to reduce false positives
Maintenance
SONARJAVA-6443 S5852: only report in case of exponential backtracking + add rule S8786
SONARJAVA-6469 Prepare next development iteration 8.33.0
SONARJAVA-6470 ToggleLockBranch: Add additional-message
SONARJAVA-6476 Remove 8 rules from SonarWay profile
SONARJAVA-6477 Update rule metadata
8.32.1.44409
Release notes - SonarJava - 8.32.1
Bug
SONARJAVA-6465 Rule S8714 - fix quickfix indexoutofbound / NPE exception
Maintenance
SONARJAVA-6463 Prepare next development iteration 8.33.0
SONARJAVA-6467 Prepare next development iteration 8.32.1-SNAPSHOT
8.32.0.44337
Release notes - SonarJava - 8.32
Feature
SONARJAVA-6454 Rule S8714 - implement quickfix
False Positive
SONARJAVA-6053 Fix FP on S112: exception wrapping in RuntimeException for checked exceptions
Maintenance
SONARJAVA-6397 Add Mall spring project to ruling test
SONARJAVA-6446 Refactor merging list of arguments to MethodMatchers
SONARJAVA-6448 Prepare next development iteration 8.32.0
SONARJAVA-6450 Fix QG: only one @BeforeAll is allowed
SONARJAVA-6452 Pin dependencies
SONARJAVA-6456 Remove deprecated rule S4792, S6291 and S6300
SONARJAVA-6460 Update rule metadata
8.31.0.44157
Release notes - SonarJava - 8.31
Feature
SONARJAVA-6405 S8745: Create rule: Test classes should not contain multiple @beforeeach, @AfterEach, and similar annotations
SONARJAVA-6406 S8714 - New rule : Use assertThrows/assertDoesNotThrow instead of try-catch with fail()
SONARJAVA-6423 S8715: New rule - JUnit 5 @test's should not use JUnit 4 assertions
False Positive
SONARJAVA-5160 S1144 should not raise on method sources listed in arrays
SONARJAVA-6065 S107: Fix FP - Methods with @SuppressWarnings("ParameterNumber") annotation
False Negative
SONARJAVA-6425 S1068 Should should support records
SONARJAVA-6436 S2970 FN (regression) when org.assertj.core.api.AssertionsForClassTypes.assertThat is used
Maintenance
SONARJAVA-6422 Prepare next development iteration 8.31.0
SONARJAVA-6437 Deprecate rule S3067 "getClass" should not be used for synchronization
SONARJAVA-6447 Use Surefire 3.5.6 in java-custom-rules-example to fix broken build
Contributors
Assets 3
8.30.0.43910
Release notes - SonarJava - 8.30
Feature
SONARJAVA-5360 Do not perform date and time arithmetic on DST unaware types
SONARJAVA-6187 S4605: improve scanning detection
SONARJAVA-6298 Modify S2143: suggest to users of Joda time that they move to the Date & Time API
SONARJAVA-6303 S8696: Value-based types should be compared using their value
SONARJAVA-6305 S8220: Conversions between local and timezone-aware types should use explicit timezone handling
SONARJAVA-6321 Implement S8694: DayOfWeek and Month Enums should be used instead of numeric values
SONARJAVA-6328 Implement S8688: Time-based .now() methods should specify a ZoneId or a Clock
SONARJAVA-6330 S8692: The system clock should not be used in unit tests
SONARJAVA-6345 Create rule S8695: Redundant time instantiation patterns should be simplified
SONARJAVA-6389 Modify S8694: implement a quickfix
SONARJAVA-6392 Modify S8688: Do not raise in tests
False Positive
SONARJAVA-4426 FP in rule S5778, when methods definitely not calling any exception are used
SONARJAVA-6326 FP S1143: 'return' inside lambda in 'finally' block
Maintenance
SONARJAVA-6242 Deprecate S5042: Expanding archive files should not be done without controlling resource consumption
SONARJAVA-6296 Configure Renovate for sonar-java
SONARJAVA-6302 Prepare next development iteration 8.30.0
SONARJAVA-6338 Test vfox to fix "mise use java@21" producing: HTTP status client error (400 Bad Request) for url (https://mise-versions.jdx.dev/aqua-registry/apache/maven/registry.yaml)
SONARJAVA-6348 Update GitHub Actions dependencies
SONARJAVA-6349 Update Analyzer Commons to v2.22.0.4796
SONARJAVA-6350 Update Maven dependencies
SONARJAVA-6352 Update SSLR to v1.25.1.3886
SONARJAVA-6375 S3752: Do not raise when HTTP verbs are explicitly allowed and adjust message for vulnerability format
SONARJAVA-6378 Bump tomcat-embed-jasper to 9.0.118 in java-jsp
SONARJAVA-6381 Update ArgumentsProvider to fix QG
SONARJAVA-6382 Update sonarlint-core
SONARJAVA-6408 Update rule metadata
SONARJAVA-6409 Update spotbugs rule descriptions
8.29.0.43460
Release notes - SonarJava - 8.29
Feature
SONARJAVA-5719 S1176 Should have a separate message for undocumented type parameters.
SONARJAVA-6196 S1451 should provide a default template for headers
SONARJAVA-6273 S3706: "stream" should not be used for Collection "forEach" calls
SONARJAVA-6283 S3706 should have a quickfix
False Positive
SONARJAVA-6198 S1451 should accept an empty headerFormat as the absence of any line
SONARJAVA-6208 S2699: Add approve to assertion method name pattern
Bug
SONARJAVA-6197 S1451 should not fail at analysis time when an empty headerFormat rule property marked as a regular expression is provided
SONARJAVA-6269 S1451 should correctly handle empty headerFormat
Maintenance
SONARJAVA-6231 Set up orchestrator cache
SONARJAVA-6233 Logs from the orchestrator are not preserved in the ruling test
SONARJAVA-6235 Update orchestrator to 6.1.0.3962
SONARJAVA-6241 Do not test PRs against DEV SQ
SONARJAVA-6244 Update RSPEC before 8.29 release
SONARJAVA-6246 Update Develocity URL
SONARJAVA-6247 Use orchestrator-cache in autoscan tests
SONARJAVA-6251 Reduce test log noise by restricting debug to selected packages
SONARJAVA-6253 Ensure ITs jobs do not share cache
SONARJAVA-6254 Use mise to install mvn in PrepareNextIteration.yml
SONARJAVA-6268 Fix issue in primitveType() and primitiveWrapperType() when the sema is incomplete
SONARJAVA-6289 Fix QG : Issues with .stream().foreach(...)
SONARJAVA-6291 SubmitReview: Use Vault token
SONARJAVA-6299 Unpin SonarSource GitHub actions
8.28.0.43176
Release notes - SonarJava - 8.28
No issues found for this release.
8.27.0.43088
Release notes - SonarJava - 8.27
Feature
SONARJAVA-5472 Dangling Javadoc comments should be removed
SONARJAVA-6205 Agentic AI Quality Profiles for Java
SONARJAVA-6212 Rename rules property for ruling test to enable checking only specific set of Sonar rules
SONARJAVA-6218 Prepare a basic project in sonar-java to use for running ruling samples
False Positive
SONARJAVA-5730 S1301 Should not raise issues when a switch expression is used for an exhaustive match on 2-valued enum
SONARJAVA-6070 Fix FP on S1133: Public APIs with documented deprecation plans flagged
False Negative
SONARJAVA-6139 S5042 should raise when invoking sensitive methods over tar archives
Maintenance
SONARJAVA-6193 Bump version using automated release and Maven
SONARJAVA-6195 Add the Java 25 tag to rules S8465 and S8469
SONARJAVA-6211 Upload artifacts if ruling-qa or autoscan ITs fail
SONARJAVA-6219 Make build and qa jobs emit download logs
SONARJAVA-6220 Do not run nightly builds on the weekends
SONARJAVA-6229 Upgrade parent pom to version 87.0.0.3057
SONARJAVA-6230 Delete duplicated agentic profile
8.26.0.42915
Release notes - SonarJava - 8.26
False Positive
SONARJAVA-4960 FP S1854 wrongly report issues when the semantic is not complete
SONARJAVA-5975 FP on S6856 when the ModelAttribute is a class / record
SONARJAVA-5985 S6207 should only raise if it has no side effects or only before assignments to components
SONARJAVA-6003 FP on S2055 when superclass has a generated no args constructor
SONARJAVA-6070 Fix FP on S1133: Public APIs with documented deprecation plans flagged
SONARJAVA-6179 FP in S6810: CompletableFuture is not treated as a subtype of Future when T is unknown
SONARJAVA-6180 FP on rule S5853: consecutive calls to "assertThat" chained with calls to "element" should not raise an issue
SONARJAVA-6184 FP for S4605 when having SpringBootApplication followed by ComponentScan annotation
SONARJAVA-6186 S6207 should not raise on non-trivial getter methods
False Negative
SONARJAVA-5980 S3749: false negative when Lombok RequiredArgsConstructor is used
SONARJAVA-6122 FN Rule S3078 : VolatileVariablesOperationsCheck implementation seems to be wrong
Bug
SONARJAVA-5657 S6541, Incorrect NOAV Metric Calculation
SONARJAVA-6152 S1612 incorrect quickfix
Maintenance
SONARJAVA-5981 S5194: Compliant and non compliant code exmples are too different
SONARJAVA-6155 Use shared update rule metadata worflow
SONARJAVA-6176 Update Rspec quickfix property for ["S7629", "S7467", "S7466", "S7475", "S7477"]
SONARJAVA-6185 Prepare Next Iteration: adjust for automated release
SONARJAVA-6188 Use plugin-artifacts to fix SQS and SQC integrations
SONARJAVA-6190 Update automated release workflow
SONARJAVA-6194 Update rule metadata
8.25.0.42802
Release notes - SonarJava - 8.25
Feature
SONARJAVA-6093 Implement rule S3051 : Main methods should be used only as program entry point
SONARJAVA-6100 Implement rule S8450 : Use IO.readln() for console input instead of BufferedReader boilerplate
SONARJAVA-6102 Implement rule S8447 : Initialize subclass fields before super() when superclass constructor may call
SONARJAVA-6104 S8469: Use IO.readln(String prompt) instead of IO.print followed by IO.readln()
SONARJAVA-6106 S8465 "ScopedValue" instances should be assigned to a stable reference
SONARJAVA-6112 Implement rule S8446 - Only one "main" method should be present
False Positive
SONARJAVA-6146 S8445: Relax the rule to allow more styles of sorting imports
False Negative
SONARJAVA-5017 S4684 Add support for Jakarta
Bug
SONARJAVA-6143 Repair quickFix for S1118 rule
Maintenance
SONARJAVA-6006 Bump org.assertj:assertj-core from 3.23.1 to 3.27.7
SONARJAVA-6016 Upgrade or remove Guava-based ruling test
SONARJAVA-6029 Licence packaging standard - SonarJava
SONARJAVA-6092 Add telemetry for Java 25 features
SONARJAVA-6098 Add redundant module imports checking to S1128
SONARJAVA-6114 Update RSpec synchonization GitHub action
SONARJAVA-6121 S2694 raises issues on classes classes within Implicitly Declared Classes
SONARJAVA-6140 Add automated release workflow
SONARJAVA-6141 Save ncloc metric on test files
SONARJAVA-6144 Modify rule S1128: Add an example of unnecessary module import
SONARJAVA-6150 Automated Release: Add Jira issue categories
SONARJAVA-6159 Update rule metadata: change formatting with new rule-api.jar
SONARJAVA-6178 Update rule metadata